[TASK] Anonymize token in Exception handlers
Log entries no longer contain specific tokens. Instead, they are replaced with `--AnonymizedToken--`. Resolves: #84502 Releases: master, 8.7 Change-Id: I42a8127cdccc904e8bbb82b5ea74b0e3d012586f Reviewed-on: https://review.typo3.org/56419 Tested-by: TYPO3com <no-reply@typo3.com> Reviewed-by: Markus Klein <markus.klein@typo3.org> Tested-by: Markus Klein <markus.klein@typo3.org>
Showing
3 changed files
with
96 additions
and
11 deletions.
21 changes: 12 additions & 9 deletions
21
typo3/sysext/core/Tests/Unit/Core/ApplicationContextTest.php
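--- a/typo3/sysext/core/Tests/Unit/Error/AbstractExceptionHandlerTest.php
+++ b/typo3/sysext/core/Tests/Unit/Error/AbstractExceptionHandlerTest.php
@@ -0,0 +1,69 @@
+<?php
+declare(strict_types=1);
+namespace TYPO3\CMS\Core\Tests\Unit\Error;
+
+/*
+* This file is part of the TYPO3 CMS project.
+*
+* It is free software; you can redistribute it and/or modify it under
+* the terms of the GNU General Public License, either version 2
+* of the License, or any later version.
+*
+* For the full copyright and license information, please read the
+* LICENSE.txt file that was distributed with this source code.
+*
+* The TYPO3 project - inspiring people to share!
+*/
+
+use TYPO3\CMS\Core\Error\AbstractExceptionHandler;
+use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
+
+/**
+* Testcase for the AbstractExceptionHandlerTest class
+*/
+class AbstractExceptionHandlerTest extends UnitTestCase
+{
+/**
+* Data provider with allowed contexts.
+*
+* @return array
+*/
+public function exampleUrlsForTokenAnonymization(): array
+{
+return [
+'url with valid token' => [
+'http://localhost/typo3/index.php?M=foo&moduleToken=5f1f7d447f22886e8ea206693b0d530ccd6b2b36',
+'http://localhost/typo3/index.php?M=foo&moduleToken=--AnonymizedToken--'
+],
+'url with valid token in the middle' => [
+'http://localhost/typo3/index.php?M=foo&moduleToken=5f1f7d447f22886e8ea206693b0d530ccd6b2b36¶m=asdf',
+'http://localhost/typo3/index.php?M=foo&moduleToken=--AnonymizedToken--¶m=asdf'
+],
+'url with invalid token' => [
+'http://localhost/typo3/index.php?M=foo&moduleToken=5f1f7d447f22886e8/e',
+'http://localhost/typo3/index.php?M=foo&moduleToken=5f1f7d447f22886e8/e',
+],
+'url with empty token' => [
+'http://localhost/typo3/index.php?M=foo&moduleToken=',
+'http://localhost/typo3/index.php?M=foo&moduleToken=',
+],
+'url with no token' => [
+'http://localhost/typo3/index.php?M=foo',
+'http://localhost/typo3/index.php?M=foo',
+],
+];
+}
+
+/**
+* @test
+* @dataProvider exampleUrlsForTokenAnonymization
+* @param string $originalUrl
+* @param string $expectedUrl
+*/
+public function anonymizeTokenReturnsCorrectModifiedUrl(string $originalUrl, string $expectedUrl)
+{
+$mock = $this->getAccessibleMockForAbstractClass(AbstractExceptionHandler::class, ['dummy']);
+$anonymizedUrl = $mock->_call('anonymizeToken', $originalUrl);
+$this->assertSame($expectedUrl, $anonymizedUrl);
+}
+}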
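Review bot: The data provider `exampleUrlsForTokenAnonymization` only feeds bare URLs carrying a single lowercase 40-character `moduleToken`, so it does not pin the inputs most likely to leave a token in a log: a URL embedded in a longer exception message, and a string holding more than one token. `anonymizeToken` is not visible in this section, so whether those inputs are handled cannot be confirmed from here; a case such as `'message with two tokens' => ['Error at index.php?moduleToken=5f1f7d447f22886e8ea206693b0d530ccd6b2b36 via index.php?moduleToken=5f1f7d447f22886e8ea206693b0d530ccd6b2b36', 'Error at index.php?moduleToken=--AnonymizedToken-- via index.php?moduleToken=--AnonymizedToken--'],` would settle it. The 'url with invalid token' case asserts that a value which does not match the expected token shape is written out unchanged, which deserves a short why-comment so that behaviour reads as intended rather than accidental. The docblocks also look copied from another test: `Data provider with allowed contexts.` and `Testcase for the AbstractExceptionHandlerTest class` should describe token anonymization and `AbstractExceptionHandler` respectively.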